﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data.SqlClient;

namespace SoftwareEngineering_Project
{
    public class User
    {
        public int EmployeeID;
        public int RoleID;
        public string Username;
        private string PasswordHASH;
        private string PasswordSALT;
        string AStatus;
        public Employee EmployeeData;
        SqlDataReader myReader;
        //Create a new employee instance
        public User(int EmployeeID,int RoleID,string Username, string PasswordHASH, string PasswordSALT,string AStatus)
        {
            this.EmployeeID = EmployeeID;
            this.RoleID = RoleID;
            this.Username = Username;
            this.PasswordHASH = PasswordHASH;
            this.PasswordSALT = PasswordSALT;
            this.AStatus = AStatus;
        }
        
        // An empty constructor
        public User()
        {
        }
        public Boolean AddtoDataBase()
        {
            string sqlcommand;
            sqlcommand = "INSERT INTO SysUser VALUES('" + Username + "','" + EmployeeID + "','" + RoleID + "','" + PasswordHASH + "','" + PasswordSALT + "','" + AStatus + "');";
            DBConnection DB = new DBConnection();
            ////DB.cnTransact.Open();
            // Myusers.DataSource = DB.ExecuteCommandquery(sqlcommand);
            if (DB.ExecuteCommandNonquery(sqlcommand))
            {
                (new Logs()).CreateLog("4", "");
                return true;
            }
            else
            {
                return false;
            }

            ////DB.cnTransact.Close();

            return false;
        }
        public Boolean CheckifuserExists(string UserName, string password)
        {
            string sqlcommand;
            sqlcommand = "select * from SysUser where UserName='" + UserName + "' AND PasswordHASH = '" + password + "'";
            DBConnection DB = new DBConnection();
            //////DB.cnTransact.Open();
            // Myusers.DataSource = DB.ExecuteCommandquery(sqlcommand);
            if (DB.ExecuteCommandquery(sqlcommand).HasRows)
            {
                return true;
            }
            else
            {
                return false;
            }

            //////DB.cnTransact.Close();

            return false;
        }
        public Boolean Checkifuserregistered(string UserName)
        {
            string sqlcommand;
            sqlcommand = "select * from SysUser where UserName='" + UserName + "' AND AStatus='Valid'";
            DBConnection DB = new DBConnection();
            //////DB.cnTransact.Open();
            // Myusers.DataSource = DB.ExecuteCommandquery(sqlcommand);
            if (DB.ExecuteCommandquery(sqlcommand).HasRows)
            {
                return true;
            }
            else
            {
                return false;
            }

            //////DB.cnTransact.Close();

            return false;
        }
        public Boolean ChangeStatus(string UserName, string passwordHASH, string passwordSALT)
        {
            string sqlcommand;
            sqlcommand = "select * from SysUser where (UserName='" + UserName + "' AND passwordHASH='" + passwordHASH + "' AND PasswordSALT='" + passwordSALT +"')";
            DBConnection DB = new DBConnection();
            //////DB.cnTransact.Open();
            // Myusers.DataSource = DB.ExecuteCommandquery(sqlcommand);
            if (checkStatus(UserName, passwordHASH,passwordSALT))
            {
                sqlcommand = "Update SysUser SET AStatus ='Valid' where (UserName='" + UserName + "' AND passwordHASH='" + passwordHASH + "' AND PasswordSALT='" + passwordSALT + "')";
                DB.ExecuteCommandNonquery(sqlcommand);
                (new Logs()).CreateLog("5", "");
            }
            else
            {
                return false;
            }

            ////DB.cnTransact.Close();

            return true;

        }
        private Boolean checkStatus(string UserName, string passwordHASH, string passwordSALT)
        {
            string sqlcommand;
            sqlcommand = "select * from SysUser where (UserName='" + UserName + "' AND passwordHASH='" + passwordHASH + "' AND PasswordSALT='" + passwordSALT + "')";
            DBConnection DB = new DBConnection();
            ////DB.cnTransact.Open();
            // Myusers.DataSource = DB.ExecuteCommandquery(sqlcommand);
            if (DB.ExecuteCommandquery(sqlcommand).HasRows)
            {
                ////DB.cnTransact.Close();
                return true;
            }
            else
            {
                ////DB.cnTransact.Close();
                return false;
            }
        }
        public void getUser(string Username)
        {
            string query = "SELECT UserName, Employee_ID, Role_ID FROM SysUser WHERE (UserName = '" + Username + "');";
            DBConnection DB = new DBConnection();
            ////DB.cnTransact.Open();
            myReader = DB.ExecuteCommandquery(query);
            if (myReader.HasRows)
            {
                myReader.Read();
                this.Username = (string)myReader["UserName"];
                this.RoleID = (int)myReader["Role_ID"];
                this.EmployeeID = (int)myReader["Employee_ID"];
                this.EmployeeData = new Employee();
                this.EmployeeData.getEmployeeByID(this.EmployeeID.ToString());
            }
            ////DB.cnTransact.Close();
            //return user;
        }
        public SqlDataReader getUsers(string sqlcommand)
        {
            DBConnection DB = new DBConnection();
            ////DB.cnTransact.Open();
            myReader = DB.ExecuteCommandquery(sqlcommand);
            return myReader;
        }
        //to return current password or type or any instance of type string depending on the sql command
        public string getCurrent(string sqlcommand)
        {
            string item="";
            DBConnection DB = new DBConnection();
            ////DB.cnTransact.Open();
            myReader = DB.ExecuteCommandquery(sqlcommand);
            while (myReader.Read())
            {
                item = myReader[0].ToString();
            }
            return item;
        }
        public Boolean ExcuteNoresultsQuery(String sqlCommand)
        {
            DBConnection DB = new DBConnection();
            ////DB.cnTransact.Open();
            if (DB.ExecuteCommandNonquery(sqlCommand))
            {
                return true;
            }
            else
            {
                return false;
            }
            ////DB.cnTransact.Close();
            return false;

        }
      
    }
}